> I work with senior citizens and tried to explain how to parse the domain in the URL by looking for the first forward "/" after the "https://" and then scan backwards but they find that mental algorithm confusing and those instructions don't stick.

Have you tried some analogy which will be personal to them? Like describing the URL as a family tree: “com is the oldest ancestor, like you Mr Johnson. Then apple is your son Bill, and getsupport is your grandchild Cody. If you saw ml instead of getsupport, that would be a different grandchild, but still in your family. However, when you see phish and xyz before apple and com you can think ‘I don’t know those people, they aren’t my father and grandfather’”.

The idea is imperfect but I literally just thought of it. We could certainly come up with something better that might eventually work.

Thank you for working to keep vulnerable people safe from phishing.